Added selinux::restorecond for managing restorecond service

2013-02-09 01:47:35 +02:00 · 2013-02-09 01:47:35 +02:00 · 2e6f13d0d6
commit 2e6f13d0d6
parent d1bfd32123
2 changed files with 36 additions and 0 deletions
--- a/selinux/files/restorecond.conf
+++ b/selinux/files/restorecond.conf
@ -0,0 +1,8 @@
+/etc/services
+/etc/resolv.conf
+/etc/samba/secrets.tdb
+/etc/mtab
+/var/run/utmp
+/var/log/wtmp
+/root/*
+/root/.ssh/*
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@ -92,6 +92,34 @@ class selinux::tools {
 }


+# Enable restorecond service.
+#
+class selinux::restorecond {
+
+    if $::selinux == "true" {
+        file { "/etc/selinux/restorecond.conf":
+            ensure  => present,
+            mode    => "0644",
+            owner   => "root",
+            group   => "root",
+            seltype => "selinux_config_t",
+            source  => [
+                "puppet:///files/selinux/restorecond.conf.${homename}",
+                "puppet:///files/selinux/restorecond.conf",
+                "puppet:///modules/selinux/restorecond.conf",
+            ],
+            notify  => Service["restorecond"],
+        }
+
+        service { "restorecond":
+            ensure => running,
+            enable => true,
+        }
+    }
+
+}
+
+
 # Set SELinux boolean value
 #
 # === Parameters